Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/B-bT443EhExiC1h6r0W4erOFWHQ.roa
File:                     B-bT443EhExiC1h6r0W4erOFWHQ.roa (raw, json)
Hash identifier:          OyoYPqj35pQsR+bhCSs+mmXzh3XYJYuQa8ZnQm6E0aM=
Subject key identifier:   07:E6:D3:E3:8D:C4:84:4C:62:0B:58:7A:AF:45:B8:7A:B3:85:58:74
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019420D5DB5F26CA4E064517ADED081E6628
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/B-bT443EhExiC1h6r0W4erOFWHQ.roa
Signing time:             Wed 01 Jan 2025 07:47:53 +0000
ROA not before:           Wed 01 Jan 2025 07:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202999
IP address blocks:        92.246.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:db:5f:26:ca:4e:06:45:17:ad:ed:08:1e:66:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 07:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07e6d3e38dc4844c620b587aaf45b87ab3855874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4d:01:01:8a:73:b6:bd:9f:52:ea:db:29:aa:
                    67:de:5b:3a:fa:9c:da:64:50:25:9d:0c:43:da:6f:
                    36:c1:c2:09:71:21:aa:62:ce:ca:e6:fc:19:55:e9:
                    4e:a4:37:7c:d3:1d:3f:77:a8:ea:96:9c:63:32:d2:
                    a8:61:03:fc:33:50:1e:6d:3e:8f:5b:ef:f0:b7:da:
                    52:78:38:37:d8:0a:b6:53:1b:1c:aa:39:48:88:4a:
                    81:a7:11:ed:73:3f:fc:33:01:ed:5a:c0:79:02:59:
                    c9:5d:c9:d1:ec:9e:1f:bf:13:fc:14:10:32:03:79:
                    ab:e5:24:58:47:6a:97:49:19:72:03:3d:27:03:ea:
                    f6:2e:af:a4:5e:9d:6b:b4:b9:08:96:b9:8b:de:59:
                    fc:34:c1:13:42:4e:98:0a:a0:ba:51:3c:56:c7:94:
                    fc:fe:d9:6c:59:29:58:80:40:26:a9:fe:7d:77:8b:
                    a7:dc:3b:7a:50:5c:4a:e3:cd:b8:7a:db:86:09:31:
                    1e:25:dc:38:6e:91:1a:c3:08:45:4e:1a:7d:ce:c4:
                    ac:1d:80:d2:6f:dc:22:68:a2:2b:2b:7c:1e:a0:0b:
                    f4:ed:73:29:86:68:70:8f:94:b8:ca:41:2d:a2:6c:
                    c9:d9:33:06:62:e0:b7:d8:49:fb:43:ae:71:a3:e3:
                    a6:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:E6:D3:E3:8D:C4:84:4C:62:0B:58:7A:AF:45:B8:7A:B3:85:58:74
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/B-bT443EhExiC1h6r0W4erOFWHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.246.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:17:e5:cb:1b:2c:16:25:5a:47:cc:e8:4a:c9:8d:0b:c1:58:
         1a:2c:ab:da:54:e1:9f:fb:0d:07:fa:bd:f6:3f:80:44:11:58:
         07:b5:d3:40:8d:d2:98:00:85:22:ef:e9:f4:36:d4:48:3f:8c:
         bc:2f:72:0e:ec:e1:5d:31:ce:26:ec:5f:1b:0c:ae:db:8c:b3:
         dd:5a:1f:2c:5e:0c:a6:58:8c:e0:7c:ca:f7:57:35:53:b6:59:
         85:55:e9:19:ae:7c:65:f4:87:32:1f:a3:e6:29:93:7c:d0:4a:
         04:80:20:03:c6:51:65:df:56:40:13:58:2a:be:ec:97:9f:80:
         7b:bc:d1:ff:2f:3b:f3:78:4c:83:90:fb:a3:cd:63:7f:c9:03:
         69:db:e4:8a:d7:bb:3a:77:87:31:3a:bb:88:ad:70:39:3e:32:
         7c:3a:43:fa:e8:14:ba:ea:2d:87:0e:10:d1:1c:e2:3e:d3:6e:
         e4:16:fc:37:cc:ec:73:01:d2:d6:be:44:b8:f1:3c:f7:a5:cf:
         29:17:85:1b:de:ca:da:da:61:f6:61:eb:a8:bc:ea:09:dc:84:
         3b:84:f2:f7:d2:f7:3c:b0:32:fe:f4:07:d2:dd:d3:79:92:86:
         0e:ab:af:54:4e:58:c4:78:c1:2c:aa:51:23:91:02:fb:cd:10:
         90:50:08:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dtfJspOBkUXre0IHmYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjUwMTAxMDc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2U2ZDNlMzhkYzQ4NDRjNjIwYjU4N2FhZjQ1Yjg3YWIzODU1ODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3U0BAYpztr2fUurbKapn3ls6+pza
ZFAlnQxD2m82wcIJcSGqYs7K5vwZVelOpDd80x0/d6jqlpxjMtKoYQP8M1AebT6P
W+/wt9pSeDg32Aq2UxscqjlIiEqBpxHtcz/8MwHtWsB5AlnJXcnR7J4fvxP8FBAy
A3mr5SRYR2qXSRlyAz0nA+r2Lq+kXp1rtLkIlrmL3ln8NMETQk6YCqC6UTxWx5T8
/tlsWSlYgEAmqf59d4un3Dt6UFxK4824etuGCTEeJdw4bpEawwhFThp9zsSsHYDS
b9wiaKIrK3weoAv07XMphmhwj5S4ykEtomzJ2TMGYuC32En7Q65xo+OmfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfm0+ONxIRMYgtYeq9FuHqzhVh0MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvQi1iVDQ0M0VoRXhpQzFoNnIwVzRlck9GV0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPZNMA0G
CSqGSIb3DQEBCwUAA4IBAQACF+XLGywWJVpHzOhKyY0LwVgaLKvaVOGf+w0H+r32
P4BEEVgHtdNAjdKYAIUi7+n0NtRIP4y8L3IO7OFdMc4m7F8bDK7bjLPdWh8sXgym
WIzgfMr3VzVTtlmFVekZrnxl9IcyH6PmKZN80EoEgCADxlFl31ZAE1gqvuyXn4B7
vNH/LzvzeEyDkPujzWN/yQNp2+SK17s6d4cxOruIrXA5PjJ8OkP66BS66i2HDhDR
HOI+027kFvw3zOxzAdLWvkS48Tz3pc8pF4Ub3sra2mH2YeuovOoJ3IQ7hPL30vc8
sDL+9AfS3dN5koYOq69UTljEeMEsqlEjkQL7zRCQUAhB
-----END CERTIFICATE-----